Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in kdeedu (Fedora Core 4)
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in kdeedu (Fedora Core 4)
ID: FEDORA-2005-744
Distribution: Fedora
Plattformen: Fedora Core 4
Datum: Do, 18. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2101
Applikationen: KDE Software Compilation

Originalnachricht

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-744
2005-08-16
---------------------------------------------------------------------

Product : Fedora Core 4
Name : kdeedu
Version : 3.4.2
Release : 0.fc4.2
Summary : Educational/Edutainment applications for KDE
Description :
Educational/Edutainment applications for KDE

---------------------------------------------------------------------
Update Information:

Ben Burton notified the KDE security team about several
tempfile handling related vulnerabilities in langen2kvtml,
a conversion script for kvoctrain. The script must be
manually invoked.

The script uses known filenames in /tmp which allow an local
attacker to overwrite files writeable by the user invoking the
conversion script.

This update fixes these vulnerabilities.
---------------------------------------------------------------------
* Tue Aug 9 2005 Than Ngo <than@redhat.com> 3.4.2-0.fc4.2
- apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

c67158d3b335fbc4a8f2ea525c3b72b7 SRPMS/kdeedu-3.4.2-0.fc4.2.src.rpm
bd7bb376d62d379191c13e41ddacc71c ppc/kdeedu-3.4.2-0.fc4.2.ppc.rpm
0078da1ed86fb27e7cafdf7266aaf531 ppc/kdeedu-devel-3.4.2-0.fc4.2.ppc.rpm
2413132c98bd9056d83d3a36599a7a7c
ppc/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.ppc.rpm
ad81b18583d1c1ae12b7bb80e5f9a231 x86_64/kdeedu-3.4.2-0.fc4.2.x86_64.rpm
dc9701f17f39a2b2e7557445cb643a0c x86_64/kdeedu-devel-3.4.2-0.fc4.2.x86_64.rpm
3fdfc3ac1f9b274aa23105f668669928
x86_64/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.x86_64.rpm
2dec5389a9e086cfe32bea50dfc0020f i386/kdeedu-3.4.2-0.fc4.2.i386.rpm
3fb79b0ca43b4f83b535ded7c8d6bcdb i386/kdeedu-devel-3.4.2-0.fc4.2.i386.rpm
7ac009558c5f813312dd95b9e9ef03b1
i386/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung